Jan 30, 2019 at 03:15 PM

How to stop logon token re-usability in SAP Business Intelligence 4.2



I am calling the open document URL from a Java portal web application.

For SSO, I am generating a token and passing it as a parameter along with the open document URL.

The issue is that the token I generated can be used multiple times, initializing multiple sessions.

This seems to be a vulnerability, since the token can be captured along with the URL and reused.

I would like to know whether there is a way to restrict the token so that it can be used only once to create a session on the BO server.

I have gone through a lot of forums, the open document developer guide and the BO admin guide. I applied a timeout setting in the Java code used for calling the RESTful API and also configured the enterprise token timeout setting in WACS. The time can be controlled, but the re-usability still exists.

I need the server set up in such a way that there is authentication only between the portal application and the BO server. Also, if the token is captured, it should not be usable a second time.

Can someone suggest a way to handle this?